Imports MIMS.WRS.Entities

Public Class Security
    Public Const CURRENT_USER_SESSION_NAME As String = "CurrentUser"

    Public Shared Function GetCurrentUser() As USER
        If IsNothing(HttpContext.Current.Session(CURRENT_USER_SESSION_NAME)) Then
            Throw New ApplicationException("Session expired.")
        Else
            Return CType(HttpContext.Current.Session(CURRENT_USER_SESSION_NAME), USER)
        End If
    End Function

    Public Shared Function IsCustomer() As Boolean
        Return RequestContext.CurrentUser.USER_TYPE = Convert.ToInt32(UserType.Customer)
    End Function

    Public Shared Function IsSalesOrder() As Boolean
        Return RequestContext.CurrentUser.USER_TYPE = Convert.ToInt32(UserType.Sales)
    End Function

    Public Shared Function IsAdmin() As Boolean
        Return RequestContext.CurrentUser.IS_ADMIN
    End Function

    Public Shared Function IsInternal() As Boolean
        Return GetCurrentUser.USER_TYPE = 1
    End Function

    Public Shared Sub InternalAndAdminOnly()
        If IsCustomer() Then
            Throw New System.Security.SecurityException
        End If
    End Sub

    Public Shared Sub AdminOnly()
        If MIMS_WRS.Web.RequestContext.CurrentUser.IS_ADMIN = False AndAlso _
            MIMS_WRS.Web.RequestContext.CurrentUser.USER_TYPE <> Convert.ToInt32(UserType.Manager) Then
            Throw New System.Security.SecurityException("You are not allow here.")
        End If
    End Sub

    Public Shared Sub CustomerOnly()

        If Not IsCustomer() Then
            Throw New System.Security.SecurityException
        End If
    End Sub

    Public Shared Sub DenyIDSUser()

        If MIMS_WRS.Web.RequestContext.CurrentUser.USER_TYPE = UserType.Customer _
            Or MIMS_WRS.Web.RequestContext.CurrentUser.USER_TYPE = UserType.Sales Then
            Throw New System.Security.SecurityException
        End If
    End Sub


End Class
